>> We are investigating ways to improve on this method, but as far as I can
>> tell, any improvement will require a coordinated effort by all the gTLD
>> and ccTLD registries.
>
> Any improvement will require that browsers only pass cookies to
> domains which are explicitly permitted by the setter, and pass the
> setter domain to all recipients alongside the cookie. IOW, a protocol
> change. Anything else is papering over the cracks.
What about using DNS records, either a new kind, or something
TXT-based (like SPF). Maybe we could have it so that the domain owner
could make an allow cookies record, with a list of matching domains, and
if it doesn't exist, then the browser will only allow the cookie to be set
for the full domain, not a subset of it.
WebAlive Technologies
Level 1, Innovation Building
Digital Harbour
1010 La Trobe Street
Docklands Melbourne VIC 3008
This email (including all attachments) is intended solely for the named addressee. It is confidential and may contain legally privileged information. If
you receive it in error, please let us know by reply email, delete it from your system and destroy any copies. This email is also subject to copyright. No
part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner.
Emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. We give no
warranties in relation to these matters. If you have any doubts about the authenticity of an email purportedly sent by us, please contact us immediately.
>> We are investigating ways to improve on this method, but as far as I can
>> tell, any improvement will require a coordinated effort by all the gTLD
>> and ccTLD registries.
>
> Any improvement will require that browsers only pass cookies to
> domains which are explicitly permitted by the setter, and pass the
> setter domain to all recipients alongside the cookie. IOW, a protocol
> change. Anything else is papering over the cracks.
What about using DNS records, either a new kind, or something
TXT-based (like SPF). Maybe we could have it so that the domain owner
could make an allow cookies record, with a list of matching domains, and
if it doesn't exist, then the browser will only allow the cookie to be set
for the full domain, not a subset of it.
? :)
--
Kind Regards,
Tim Nelson
Server Administrator
P: 03 9934 0888
F: 03 9934 0899
E: tim.nelson (at) webalive (dot) biz [email concealed]
W: www.webalive.biz
WebAlive Technologies
Level 1, Innovation Building
Digital Harbour
1010 La Trobe Street
Docklands Melbourne VIC 3008
This email (including all attachments) is intended solely for the named addressee. It is confidential and may contain legally privileged information. If
you receive it in error, please let us know by reply email, delete it from your system and destroy any copies. This email is also subject to copyright. No
part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner.
Emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. We give no
warranties in relation to these matters. If you have any doubts about the authenticity of an email purportedly sent by us, please contact us immediately.
[ reply ]